Sign in with
Sign up | Sign in
Your question

Ext Drive Encrypted Files Deny Access

Last response: in Windows XP
Share
Anonymous
a b 8 Security
February 4, 2005 3:26:57 PM

Archived from groups: microsoft.public.security,microsoft.public.security.homeusers,microsoft.public.windowsxp.security_admin,microsoft.public.security.crypto (More info?)

Posted to: microsoft.public.security; microsoft.public.security.homeusers;
microsoft.public.windowsxp.security_admin; microsoft.public.security.crypto:
Is there a better group?

HI,

If this looks familiar, that's because it is. Originally I posted this to
two ng's, neither of which I can find now. You'll understand why shortly,
if you consider my short-term memory problems <g>. I think I can restate it
a lot better now, too. Any and all assistance/advice much appreciated.

XP Pro, completely updated SP2/hotfix, two 80Gig internal, not RAID et al,
one ext 160Gig external, no SCSI.

Short Story:
1. Accidentally encrypted data on external ACOM USB 160 Gig drive.
Included my Full/Incremental backup done recently. It was a mis-click and I
stopped it, but it had already finished. Folders also were encrypted. Then
of course, I "forgot" it happened: until I needed the files, of course.
They are WINZIP files, encrypted, I'm fairly sure, by XP EFS, but could not
swear that winzip didn't do it. It -looks- like EFS did the encryption.
2. Later, trying to track down files disappearing for no reason, eventually
C became trashed.
3. OK, got our my ASR floppy, booted on it, all went fine until it wouldn't
accept my backup CDs as valid files. They were created with the system
Backup function. I don't remember doing a Verify operation.
4. Upon boot, got an error message; bad hardware. Didn't believe it.
5. Reformat/reinstall XP.
5a XP CD would NOT let me delete the partition on C, nor would it let me
install to C. It was so adamant, and yes, I've used it before and think all
I had to do was delete the partition first, to put XP on C., that I finally
acquesced and said OK, put it on D.
No problems, boots fine from D for the boot disk. I'll worry about
drive letter assignments later; right now I've only got a minimal install
anyway - nothing but XP, Norton, Firewall; no antispy stuff yet.

SYNOPSIS:
-- I ass-u-me when I formatted, I got new keys and certificates, right?
And that's why I can't access the files on my external USB drive?

-- I DID manage to decrypt the Folders, so future files won't be encrypted;
that's why I think it's EFS produced encryption and not Winzip's. But, I
can't find a way to get at any of the Files that are encrypted.

-- OK, I"ve managed to recover from lost passowords, all kinds of things,
so there must be a way to decrypt those Files, either to the same drive or
to another drive. Folders are UNencrpted now, but I can only copy them
around their own drive, not to another drive where they might expand. None
are R, H, or S. But danged if I can find it! I"ve seen a couple of
similarities on these groups, but none with a solution that worked for me;
either they weren't applicable or the thread ended with a terse microsoft
reference, most of which I'd already looked at and tried. I've been thru
many MSKB articles with no joy. I've tried Cipher also, to no avail. My
resources are about exhausted, so I'm looking for help here. So the
ultimate question is, in view of the above information:

HOW can I load, decrypt or otherwise manipulate those encrypted files in
order to recover them? Although it doesn't appear an advantage, I'd easily
consider another format if it would open up any avenues.

I'm no guru, but you can talk about how to get to and use most of the Admin
Tools, etc., so you don't have to completely hold my hand, but ... this is
new territory for me, so please keep that in mind.

I also have Partition Magic 8, though not loaded yet, if that means
anything to anyone.

Pop
---
Microsoft's Security might not
be all that good, but, so far,
it's PERFECT with those files!
February 4, 2005 3:33:51 PM

Archived from groups: microsoft.public.security,microsoft.public.security.homeusers,microsoft.public.windowsxp.security_admin,microsoft.public.security.crypto (More info?)

Damn, that's twice that happened! THIS post should say it's from Pop
onscreen. I hate those auto-changes!

Pop
February 4, 2005 4:04:32 PM

Archived from groups: microsoft.public.security,microsoft.public.security.homeusers,microsoft.public.windowsxp.security_admin,microsoft.public.security.crypto (More info?)

MICROSOFT wrote:


> If this looks familiar, that's because it is. Originally I posted
> this to
> two ng's, neither of which I can find now. You'll understand why
> shortly,
> if you consider my short-term memory problems <g>. I think I can
> restate it
> a lot better now, too. Any and all assistance/advice much
> appreciated.
>
> XP Pro, completely updated SP2/hotfix, two 80Gig internal, not RAID et
> al, one ext 160Gig external, no SCSI.
>
> Short Story:
> 1. Accidentally encrypted data on external ACOM USB 160 Gig drive.
> Included my Full/Incremental backup done recently. It was a mis-click
> and I
> stopped it, but it had already finished. Folders also were encrypted.
> Then of course, I "forgot" it happened: until I needed the files, of
> course. They are WINZIP files, encrypted, I'm fairly sure, by XP EFS,
> but could not
> swear that winzip didn't do it. It -looks- like EFS did the
> encryption.
> 2. Later, trying to track down files disappearing for no reason,
> eventually C became trashed.
> 3. OK, got our my ASR floppy, booted on it, all went fine until it
> wouldn't
> accept my backup CDs as valid files. They were created with the
> system
> Backup function. I don't remember doing a Verify operation.
> 4. Upon boot, got an error message; bad hardware. Didn't believe it.
> 5. Reformat/reinstall XP.
> 5a XP CD would NOT let me delete the partition on C, nor would it
> let me
> install to C. It was so adamant, and yes, I've used it before and
> think all I had to do was delete the partition first, to put XP on C.,
> that I finally acquesced and said OK, put it on D.
> No problems, boots fine from D for the boot disk. I'll worry
> about
> drive letter assignments later; right now I've only got a minimal
> install anyway - nothing but XP, Norton, Firewall; no antispy stuff
> yet.
>
> SYNOPSIS:
> -- I ass-u-me when I formatted, I got new keys and certificates,
> right?
> And that's why I can't access the files on my external USB drive?
>
> -- I DID manage to decrypt the Folders, so future files won't be
> encrypted;
> that's why I think it's EFS produced encryption and not Winzip's.
> But, I can't find a way to get at any of the Files that are encrypted.
>
> -- OK, I"ve managed to recover from lost passowords, all kinds of
> things, so there must be a way to decrypt those Files, either to the
> same drive or to another drive. Folders are UNencrpted now, but I can
> only copy them
> around their own drive, not to another drive where they might expand.
> None
> are R, H, or S. But danged if I can find it! I"ve seen a couple of
> similarities on these groups, but none with a solution that worked for
> me; either they weren't applicable or the thread ended with a terse
> microsoft
> reference, most of which I'd already looked at and tried. I've been
> thru
> many MSKB articles with no joy. I've tried Cipher also, to no avail.
> My
> resources are about exhausted, so I'm looking for help here. So the
> ultimate question is, in view of the above information:
>
> HOW can I load, decrypt or otherwise manipulate those encrypted files
> in
> order to recover them? Although it doesn't appear an advantage, I'd
> easily consider another format if it would open up any avenues.
>
> I'm no guru, but you can talk about how to get to and use most of the
> Admin Tools, etc., so you don't have to completely hold my hand, but
> ... this is new territory for me, so please keep that in mind.
>
> I also have Partition Magic 8, though not loaded yet, if that means
> anything to anyone.
>

Short answer: if you did not back up your encryption keys and/or assign
a recovery agent - and it certainly doesn't sound like you did - the
data is gone. There is no way you can decrypt the files. Maybe the NSA
could, but there are no magic tools or methods. Your data is lost, so
move on.

I'm sorry, but that's the plain truth. Here are links to information
about EFS for future reference:

http://www3.telus.net/dandemar/encrypt.htm - encryption info
http://www.beginningtoseethelight.org/efsrecovery/ - more encryption
info
http://www3.telus.net/dandemar/private.htm - making stuff private
http://tinyurl.com/6l6xx - Information about EFS (Encryption) (MSKB)

Malke
--
MS MVP - Windows Shell/User
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
Related resources
Anonymous
a b 8 Security
February 5, 2005 1:02:24 AM

Archived from groups: microsoft.public.security,microsoft.public.security.homeusers,microsoft.public.windowsxp.security_admin,microsoft.public.security.crypto (More info?)

MICROSOFT wrote:

> Posted to: microsoft.public.security; microsoft.public.security.homeusers;
> microsoft.public.windowsxp.security_admin; microsoft.public.security.crypto:
> Is there a better group?
>
> HI,
>
> If this looks familiar, that's because it is. Originally I posted this to
> two ng's, neither of which I can find now.
Hi

You got two answers to your first post:

http://groups.google.co.uk/groups?threadm=O%24SHJ7kCFHA...

Anyway, verify that it is not just a ownership issue:

HOW TO: Take Ownership of a File or Folder in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;308421


If the files really are encrypted with EFS, and you never exported
the encryption certificate before re-installing the OS:

If you have access to the user profile folders for the user that
encrypted the files (on e.g. a BACKUP) and if you remember the
password for the user that encrypted the data, you might be able
to save the files.

Take a look at this site for more details:

http://www.beginningtoseethelight.org/efsrecovery/



> You'll understand why shortly,
> if you consider my short-term memory problems <g>. I think I can restate it
> a lot better now, too. Any and all assistance/advice much appreciated.
>
> XP Pro, completely updated SP2/hotfix, two 80Gig internal, not RAID et al,
> one ext 160Gig external, no SCSI.
>
> Short Story:
> 1. Accidentally encrypted data on external ACOM USB 160 Gig drive.
> Included my Full/Incremental backup done recently. It was a mis-click and I
> stopped it, but it had already finished. Folders also were encrypted. Then
> of course, I "forgot" it happened: until I needed the files, of course.
> They are WINZIP files, encrypted, I'm fairly sure, by XP EFS, but could not
> swear that winzip didn't do it. It -looks- like EFS did the encryption.
> 2. Later, trying to track down files disappearing for no reason, eventually
> C became trashed.
> 3. OK, got our my ASR floppy, booted on it, all went fine until it wouldn't
> accept my backup CDs as valid files. They were created with the system
> Backup function. I don't remember doing a Verify operation.
> 4. Upon boot, got an error message; bad hardware. Didn't believe it.
> 5. Reformat/reinstall XP.
> 5a XP CD would NOT let me delete the partition on C, nor would it let me
> install to C. It was so adamant, and yes, I've used it before and think all
> I had to do was delete the partition first, to put XP on C., that I finally
> acquesced and said OK, put it on D.
> No problems, boots fine from D for the boot disk. I'll worry about
> drive letter assignments later; right now I've only got a minimal install
> anyway - nothing but XP, Norton, Firewall; no antispy stuff yet.
>
> SYNOPSIS:
> -- I ass-u-me when I formatted, I got new keys and certificates, right?
> And that's why I can't access the files on my external USB drive?
>
> -- I DID manage to decrypt the Folders, so future files won't be encrypted;
> that's why I think it's EFS produced encryption and not Winzip's. But, I
> can't find a way to get at any of the Files that are encrypted.
>
> -- OK, I"ve managed to recover from lost passowords, all kinds of things,
> so there must be a way to decrypt those Files, either to the same drive or
> to another drive. Folders are UNencrpted now, but I can only copy them
> around their own drive, not to another drive where they might expand. None
> are R, H, or S. But danged if I can find it! I"ve seen a couple of
> similarities on these groups, but none with a solution that worked for me;
> either they weren't applicable or the thread ended with a terse microsoft
> reference, most of which I'd already looked at and tried. I've been thru
> many MSKB articles with no joy. I've tried Cipher also, to no avail. My
> resources are about exhausted, so I'm looking for help here. So the
> ultimate question is, in view of the above information:
>
> HOW can I load, decrypt or otherwise manipulate those encrypted files in
> order to recover them? Although it doesn't appear an advantage, I'd easily
> consider another format if it would open up any avenues.
>
> I'm no guru, but you can talk about how to get to and use most of the Admin
> Tools, etc., so you don't have to completely hold my hand, but ... this is
> new territory for me, so please keep that in mind.
>
> I also have Partition Magic 8, though not loaded yet, if that means
> anything to anyone.


--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/scriptcenter/default.m...
February 5, 2005 1:02:25 AM

Archived from groups: microsoft.public.security,microsoft.public.security.homeusers,microsoft.public.windowsxp.security_admin,microsoft.public.security.crypto (More info?)

TB, thank you; that's valuable input and I -think- useful. I -printed- it
out, just in case <g>.
Also: D'oh! I never thought of Google to look for my posts! Forgot all
about it in the mess I've creaeted here.
More info & another question inline. EXCELlent info, BTW!

> http://groups.google.co.uk/groups?threadm=O%24SHJ7kCFHA...
>
> Anyway, verify that it is not just a ownership issue:
>
> HOW TO: Take Ownership of a File or Folder in Windows XP
> http://support.microsoft.com/default.aspx?scid=kb;en-us;308421
===> Been there, read it, tried it, plus lots of other ones that seemed
related but were all about the same kind of advice; no help, but I'm
learning a lot!
I think I've pretty well eliminated ownership as an issue; quite a few
times, in fact, not believing it.

> If the files really are encrypted with EFS, and you never exported
> the encryption certificate before re-installing the OS:
===> Nope, never did the export: In fact, never mean to leave the encrypted
even.
>
> If you have access to the user profile folders for the user that
> encrypted the files (on e.g. a BACKUP) and if you remember the
> password for the user that encrypted the data, you might be able
> to save the files.
===> I might just have those. , but, but, but ... it's a lot of CDs so I'll
do that this even ing when I don't feel so busy/confused. Worth a try. It
was I who did the encryption, and I do recall both the username and password
I used.
> http://www.beginningtoseethelight.org/efsrecovery/
===> Duly bookmarked; looks useful.
At least I got WinHex, Filemon and a couple other apps back easily,
thanks to your recommendations; thanks again.

===> Yes, if I EVER encrypt again, I SHALL make the necessary backups!!

===> New question:
This whole thing started out as a problem where, if I so much as let my
cursor land in any file's Summary window, my machine would spontaneously
Restart with the Recovery from a Serious Problem error message upon the
start. And, even after this reinstall, to a formatted disk (by XP), the
problem is STILL there! Subsequent research seems to indicate maybe a bad
piece of hardware, but which the hell one! Desparate, I sent the error to
MS again, and this time it came back and said I have a Driver problem. The
first two times MS had nothing to say, not even a "yeah, I know!" response
<g>.
Sooo, that's the direction I'm going in now. I DO recall awhile back
that updating an NVIDIA graphics card seemed to slow things down, so for now
I'm off in a driver check. It's easy enough to duplicate the problem, so
verification should be relatively easy. Since it happens on buttons-up over
a file Properties Summary tab, it seems to make sense the graphics card is
as good a starting point, maybe better, than any.

Do you have any comments on the above?
I don't think you'll have to remind me to backup my certs and keys; that's
pretty well ingrained by now <g>!

Regards, and thanks for the references,

Pop



> --
> torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
> Administration scripting examples and an ONLINE version of
> the 1328 page Scripting Guide:
> http://www.microsoft.com/technet/scriptcenter/default.m...
Anonymous
a b 8 Security
February 5, 2005 1:38:54 AM

Archived from groups: microsoft.public.security,microsoft.public.security.homeusers,microsoft.public.windowsxp.security_admin,microsoft.public.security.crypto (More info?)

You said that the backup CDs were not usable, and also that the
backup incrementals were on the encrypted external.
If you cannot use the base backup at least, with out the incremental
chain, then you cannot recover bootability of the initial OS that way.
If you believe that C boot is just not going to be possible (it sometimes
is fixable from another install, as you now have on D) then from
what I read in your post you have two hopes.

But these are only hopes if the initial profile of the encrypting account
is still intact on C.

One is to use the methods Peter outlines at Beginningtoseethelight
(it is hard not to type spaces in that!); the other is to open a paid
support call with Microsoft. Again, the profile of the encrypting
account must be available (and you need to remember its password
that was in use at the time of the copy of the profile).

That said, if you have not totally toasted the C install, and so, in the
absence of usable backup, have the profile then perhaps the most
direct thing is just fixing C so that it will boot.

--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA
"MICROSOFT" <NOBODY@spamcop.net> wrote in message
news:o 7uIifvCFHA.464@TK2MSFTNGP15.phx.gbl...
> Posted to: microsoft.public.security;
microsoft.public.security.homeusers;
> microsoft.public.windowsxp.security_admin;
microsoft.public.security.crypto:
> Is there a better group?
>
> HI,
>
> If this looks familiar, that's because it is. Originally I posted this to
> two ng's, neither of which I can find now. You'll understand why shortly,
> if you consider my short-term memory problems <g>. I think I can restate
it
> a lot better now, too. Any and all assistance/advice much appreciated.
>
> XP Pro, completely updated SP2/hotfix, two 80Gig internal, not RAID et al,
> one ext 160Gig external, no SCSI.
>
> Short Story:
> 1. Accidentally encrypted data on external ACOM USB 160 Gig drive.
> Included my Full/Incremental backup done recently. It was a mis-click and
I
> stopped it, but it had already finished. Folders also were encrypted.
Then
> of course, I "forgot" it happened: until I needed the files, of course.
> They are WINZIP files, encrypted, I'm fairly sure, by XP EFS, but could
not
> swear that winzip didn't do it. It -looks- like EFS did the encryption.
> 2. Later, trying to track down files disappearing for no reason,
eventually
> C became trashed.
> 3. OK, got our my ASR floppy, booted on it, all went fine until it
wouldn't
> accept my backup CDs as valid files. They were created with the system
> Backup function. I don't remember doing a Verify operation.
> 4. Upon boot, got an error message; bad hardware. Didn't believe it.
> 5. Reformat/reinstall XP.
> 5a XP CD would NOT let me delete the partition on C, nor would it let
me
> install to C. It was so adamant, and yes, I've used it before and think
all
> I had to do was delete the partition first, to put XP on C., that I
finally
> acquesced and said OK, put it on D.
> No problems, boots fine from D for the boot disk. I'll worry about
> drive letter assignments later; right now I've only got a minimal install
> anyway - nothing but XP, Norton, Firewall; no antispy stuff yet.
>
> SYNOPSIS:
> -- I ass-u-me when I formatted, I got new keys and certificates, right?
> And that's why I can't access the files on my external USB drive?
>
> -- I DID manage to decrypt the Folders, so future files won't be
encrypted;
> that's why I think it's EFS produced encryption and not Winzip's. But, I
> can't find a way to get at any of the Files that are encrypted.
>
> -- OK, I"ve managed to recover from lost passowords, all kinds of things,
> so there must be a way to decrypt those Files, either to the same drive or
> to another drive. Folders are UNencrpted now, but I can only copy them
> around their own drive, not to another drive where they might expand.
None
> are R, H, or S. But danged if I can find it! I"ve seen a couple of
> similarities on these groups, but none with a solution that worked for me;
> either they weren't applicable or the thread ended with a terse microsoft
> reference, most of which I'd already looked at and tried. I've been thru
> many MSKB articles with no joy. I've tried Cipher also, to no avail. My
> resources are about exhausted, so I'm looking for help here. So the
> ultimate question is, in view of the above information:
>
> HOW can I load, decrypt or otherwise manipulate those encrypted files in
> order to recover them? Although it doesn't appear an advantage, I'd
easily
> consider another format if it would open up any avenues.
>
> I'm no guru, but you can talk about how to get to and use most of the
Admin
> Tools, etc., so you don't have to completely hold my hand, but ... this is
> new territory for me, so please keep that in mind.
>
> I also have Partition Magic 8, though not loaded yet, if that means
> anything to anyone.
>
> Pop
> ---
> Microsoft's Security might not
> be all that good, but, so far,
> it's PERFECT with those files!
>
>
>
>
February 5, 2005 12:01:44 PM

Archived from groups: microsoft.public.security,microsoft.public.security.homeusers,microsoft.public.windowsxp.security_admin,microsoft.public.security.crypto (More info?)

"Roger Abell" <mvpNOSpam@asu.edu> wrote in
message
news:o QUhOS0CFHA.624@TK2MSFTNGP15.phx.gbl...
: You said that the backup CDs were not
usable, and also that the
: backup incrementals were on the encrypted
external.
=== I'm glad you restated that; something
seems awful fishy when I read it the way you
worded it; it doesn't make sense that the
older CD archive would be bad, too. That's
kind of a coincidence; may too much a
coincidence. So, for grins, I restored
using backup, to a now empty partition. And
the restore failed, too, so that begs the
question -why-? Then I grabbed an even
older full backup and started that restoring
too. And it worked, or as far as I let it
run. I stopped it after about twenty
minutes. The older one that seems to work
is a non-compressed version, and the newer
one is a compressed version. Huh!
Your comment was helpful, even if it made
work for me! Good catch.

....
: But these are only hopes if the initial
profile of the encrypting account
: is still intact on C.
=== It doesn't seem to be. I spend a LOT of
time on it and if it's there I've reached a
point in time where it's not worth anymore
effort. Heck, it's "only typing and
clicking", right {:-[
:
: One is to use the methods Peter outlines
at Beginningtoseethelight
: (it is hard not to type spaces in that!);
the other is to open a paid
: support call with Microsoft. Again, the
profile of the encrypting
: account must be available (and you need to
remember its password
: that was in use at the time of the copy of
the profile).
My confidence isn't 100%, but I'd say 95%
that it's not there. I might consider a
last-ditch call to MS support, dunno. What
I really think I"m going to do is just keep
the encrypted files on the ext drive just in
case I can recover them someday. Even if I
don't need them by then, the experience will
be good to have. Fortunately, it's all
replaceable DATA for the most part in the
backups that I've really lost, not articles
or vettings, so most of it can be recreated
given the time and brain-power needed.
:
: That said, if you have not totally toasted
the C install, and so, in the
: absence of usable backup, have the profile
then perhaps the most
: direct thing is just fixing C so that it
will boot.
....
In a fit of frustration last nite I deleted
the boot partition on C and reinstalled.
It's reinstalled and ready to rebuild now,
so the rest of it becomes moot in most ways.
I'm doing the first interim backup now and
prepping to go online for the updates etc.,
then I'll run PM and finish rebuilding the
rest. I created a Tree of Folders and that
wasn't encrypted, so I can thank the heavens
for small favors at least; that'll go a long
ways to helping me with the restructuring.

My thanks to everyone who responded - it was
a great effort, but I think I just didn't
have the savvy needed to carry out the
recovery. Maybe next week I will <g>.

Regards,

Pop
Anonymous
a b 8 Security
February 5, 2005 1:49:16 PM

Archived from groups: microsoft.public.security,microsoft.public.security.homeusers,microsoft.public.windowsxp.security_admin,microsoft.public.security.crypto (More info?)

"POP" <nobody@spamcop.net> wrote in message
news:%23Oe97s4CFHA.2632@TK2MSFTNGP12.phx.gbl...
> "Roger Abell" <mvpNOSpam@asu.edu> wrote in
> message
> news:o QUhOS0CFHA.624@TK2MSFTNGP15.phx.gbl...
> : You said that the backup CDs were not
> usable, and also that the
> : backup incrementals were on the encrypted
> external.
> === I'm glad you restated that; something
> seems awful fishy when I read it the way you
> worded it; it doesn't make sense that the
> older CD archive would be bad, too. That's
> kind of a coincidence; may too much a
> coincidence. So, for grins, I restored
> using backup, to a now empty partition. And
> the restore failed, too, so that begs the
> question -why-? Then I grabbed an even
> older full backup and started that restoring
> too. And it worked, or as far as I let it
> run. I stopped it after about twenty
> minutes. The older one that seems to work
> is a non-compressed version, and the newer
> one is a compressed version. Huh!
> Your comment was helpful, even if it made
> work for me! Good catch.
>
> ...
> : But these are only hopes if the initial
> profile of the encrypting account
> : is still intact on C.
> === It doesn't seem to be. I spend a LOT of
> time on it and if it's there I've reached a
> point in time where it's not worth anymore
> effort. Heck, it's "only typing and
> clicking", right {:-[
> :
> : One is to use the methods Peter outlines
> at Beginningtoseethelight
> : (it is hard not to type spaces in that!);
> the other is to open a paid
> : support call with Microsoft. Again, the
> profile of the encrypting
> : account must be available (and you need to
> remember its password
> : that was in use at the time of the copy of
> the profile).
> My confidence isn't 100%, but I'd say 95%
> that it's not there. I might consider a
> last-ditch call to MS support, dunno. What
> I really think I"m going to do is just keep
> the encrypted files on the ext drive just in
> case I can recover them someday. Even if I
> don't need them by then, the experience will
> be good to have. Fortunately, it's all
> replaceable DATA for the most part in the
> backups that I've really lost, not articles
> or vettings, so most of it can be recreated
> given the time and brain-power needed.
> :
> : That said, if you have not totally toasted
> the C install, and so, in the
> : absence of usable backup, have the profile
> then perhaps the most
> : direct thing is just fixing C so that it
> will boot.
> ...
> In a fit of frustration last nite I deleted
> the boot partition on C and reinstalled.
> It's reinstalled and ready to rebuild now,
> so the rest of it becomes moot in most ways.
> I'm doing the first interim backup now and
> prepping to go online for the updates etc.,
> then I'll run PM and finish rebuilding the
> rest. I created a Tree of Folders and that
> wasn't encrypted, so I can thank the heavens
> for small favors at least; that'll go a long
> ways to helping me with the restructuring.
>
> My thanks to everyone who responded - it was
> a great effort, but I think I just didn't
> have the savvy needed to carry out the
> recovery. Maybe next week I will <g>.
>
> Regards,
>
> Pop
>
>

If the older backup is not too old, meaning not before the last
major service pack had been applied, and if it contains the
profile of the encrypting account and you can recall the password
of the account at time of the backup, then you _theoretically_
have everything that is needed to recover the EFS file access.

I would recommend that planning for recovery needs to include
not jut backups and verification by the backup software, but also
one always needs to include periodic "firedrills" to verify that
they are indeed usable. Sometimes there are conflicts with the
hardware compression in the backup media device compared to
software compression in the backup software - not really conflict
in inherent sense but in using one going out to media and then
attempting to use the other coming in from media, when in fact
one must use the same settings both times.

--
Roger Abell
February 7, 2005 1:13:00 PM

Archived from groups: microsoft.public.security,microsoft.public.security.homeusers,microsoft.public.windowsxp.security_admin,microsoft.public.security.crypto (More info?)

Top Posted because this will be my last post in this particular thread.

My thanks to everyone who responded.

Roger, I hear you! If ever there was a demonstration of -why- good backup
strategies are important, this has been it. In the interest of time I bit
the bullet and am presently rebuilding everything from the deleted partition
on up. Almost done. I think; maybe; uhhh ...
Just FYI, this will NOT be able happen again. Soon's I finesse it, the
schedule's going to be printed and stuck to the wall just to the left of my
monitor!
I saved the orphaned backups of course, because for at least another
month or so, it would still be pretty useful to get that stuff back. I'm
attempting to close the thread here, but rest assured I'm not going to unsub
from the group. In fact, I'll most likely add it to my daily lurk list.
Interestingly enough, I had to once more remove the part/reformat/install
because the very first, original problem was still not fixed. I got so
involved in all the restore problems I never even checked to verify the
original problem was gone!
Since the previous install had erroneously been allowed to go on D, there
was of course the little cluster of necessary install on the C drive, and I
STILL had the original problem, which was a spontaneous reboot and 'Serious
Error' recovery message when it came back. Rather than get into yet another
research effort I didnt' have time for, I simply removed the partition on C
and did the format/install again. This time I checked for the existance of
the reboot right away - and, it was, and still is, gone. That's a thread of
a different color though!
From a first glance, I was afraid this group would be too far over my head
to be useful (at least the names that looked like they could help me in
particular), but I was wrong. Thanks, and I sincerely appreciate everyone's
time.

Hate that I don't yet know what the answers are, but ... maybe eventually
I'll find them.

It's been a lark!

Pop
---
I make well decisions, and
I talk English very good.

"Roger Abell" <mvpNOSpam@asu.edu> wrote in message
news:o uC$Uq6CFHA.2620@tk2msftngp13.phx.gbl...
> "POP" <nobody@spamcop.net> wrote in message
> news:%23Oe97s4CFHA.2632@TK2MSFTNGP12.phx.gbl...
>> "Roger Abell" <mvpNOSpam@asu.edu> wrote in
>> message
>> news:o QUhOS0CFHA.624@TK2MSFTNGP15.phx.gbl...
>> : You said that the backup CDs were not
>> usable, and also that the
>> : backup incrementals were on the encrypted
>> external.
>> === I'm glad you restated that; something
>> seems awful fishy when I read it the way you
....
>
> If the older backup is not too old, meaning not before the last
> major service pack had been applied, and if it contains the
> profile of the encrypting account and you can recall the password
> of the account at time of the backup, then you _theoretically_
> have everything that is needed to recover the EFS file access.
>
> I would recommend that planning for recovery needs to include
> not jut backups and verification by the backup software, but also
> one always needs to include periodic "firedrills" to verify that
> they are indeed usable. Sometimes there are conflicts with the
> hardware compression in the backup media device compared to
> software compression in the backup software - not really conflict
> in inherent sense but in using one going out to media and then
> attempting to use the other coming in from media, when in fact
> one must use the same settings both times.
>
> --
> Roger Abell
>
>
Anonymous
a b 8 Security
April 24, 2005 4:24:01 AM

Archived from groups: microsoft.public.security,microsoft.public.windowsxp.security_admin,microsoft.public.security.crypto,microsoft.public.security.homeusers (More info?)

Can you help me?
I have encrypted file in Windows 2000. I had to reinstall My Windows.
Reformatted the drive NTFS and I install Windows XP Pro. Now I cannot access
these files (encrypted file) in My Drive, which are stored in a separate
partition. How can I open Files Encrypted in My system.
Best Regards
Fatemeh Rezaei


"MICROSOFT" wrote:

> Posted to: microsoft.public.security; microsoft.public.security.homeusers;
> microsoft.public.windowsxp.security_admin; microsoft.public.security.crypto:
> Is there a better group?
>
> HI,
>
> If this looks familiar, that's because it is. Originally I posted this to
> two ng's, neither of which I can find now. You'll understand why shortly,
> if you consider my short-term memory problems <g>. I think I can restate it
> a lot better now, too. Any and all assistance/advice much appreciated.
>
> XP Pro, completely updated SP2/hotfix, two 80Gig internal, not RAID et al,
> one ext 160Gig external, no SCSI.
>
> Short Story:
> 1. Accidentally encrypted data on external ACOM USB 160 Gig drive.
> Included my Full/Incremental backup done recently. It was a mis-click and I
> stopped it, but it had already finished. Folders also were encrypted. Then
> of course, I "forgot" it happened: until I needed the files, of course.
> They are WINZIP files, encrypted, I'm fairly sure, by XP EFS, but could not
> swear that winzip didn't do it. It -looks- like EFS did the encryption.
> 2. Later, trying to track down files disappearing for no reason, eventually
> C became trashed.
> 3. OK, got our my ASR floppy, booted on it, all went fine until it wouldn't
> accept my backup CDs as valid files. They were created with the system
> Backup function. I don't remember doing a Verify operation.
> 4. Upon boot, got an error message; bad hardware. Didn't believe it.
> 5. Reformat/reinstall XP.
> 5a XP CD would NOT let me delete the partition on C, nor would it let me
> install to C. It was so adamant, and yes, I've used it before and think all
> I had to do was delete the partition first, to put XP on C., that I finally
> acquesced and said OK, put it on D.
> No problems, boots fine from D for the boot disk. I'll worry about
> drive letter assignments later; right now I've only got a minimal install
> anyway - nothing but XP, Norton, Firewall; no antispy stuff yet.
>
> SYNOPSIS:
> -- I ass-u-me when I formatted, I got new keys and certificates, right?
> And that's why I can't access the files on my external USB drive?
>
> -- I DID manage to decrypt the Folders, so future files won't be encrypted;
> that's why I think it's EFS produced encryption and not Winzip's. But, I
> can't find a way to get at any of the Files that are encrypted.
>
> -- OK, I"ve managed to recover from lost passowords, all kinds of things,
> so there must be a way to decrypt those Files, either to the same drive or
> to another drive. Folders are UNencrpted now, but I can only copy them
> around their own drive, not to another drive where they might expand. None
> are R, H, or S. But danged if I can find it! I"ve seen a couple of
> similarities on these groups, but none with a solution that worked for me;
> either they weren't applicable or the thread ended with a terse microsoft
> reference, most of which I'd already looked at and tried. I've been thru
> many MSKB articles with no joy. I've tried Cipher also, to no avail. My
> resources are about exhausted, so I'm looking for help here. So the
> ultimate question is, in view of the above information:
>
> HOW can I load, decrypt or otherwise manipulate those encrypted files in
> order to recover them? Although it doesn't appear an advantage, I'd easily
> consider another format if it would open up any avenues.
>
> I'm no guru, but you can talk about how to get to and use most of the Admin
> Tools, etc., so you don't have to completely hold my hand, but ... this is
> new territory for me, so please keep that in mind.
>
> I also have Partition Magic 8, though not loaded yet, if that means
> anything to anyone.
>
> Pop
> ---
> Microsoft's Security might not
> be all that good, but, so far,
> it's PERFECT with those files!
>
>
>
>
>
Anonymous
a b 8 Security
April 24, 2005 4:40:32 AM

Archived from groups: microsoft.public.security,microsoft.public.windowsxp.security_admin,microsoft.public.security.crypto,microsoft.public.security.homeusers (More info?)

In news:2496D760-BB77-45B8-A08C-E527CF60B96A@microsoft.com,
fatemeh <fatemeh@discussions.microsoft.com> did some thinking and came up
with these words:
> Can you help me?
> I have encrypted file in Windows 2000. I had to reinstall My Windows.
> Reformatted the drive NTFS and I install Windows XP Pro. Now I
> cannot access these files (encrypted file) in My Drive, which are
> stored in a separate partition. How can I open Files Encrypted in My
> system.
> Best Regards
> Fatemeh Rezaei
>
>
> "MICROSOFT" wrote:
>
>> Posted to: microsoft.public.security;
>> microsoft.public.security.homeusers;
>> microsoft.public.windowsxp.security_admin;
>> microsoft.public.security.crypto: Is there a better group?
>>
>> HI,
>>
>> If this looks familiar, that's because it is. Originally I posted
>> this to two ng's, neither of which I can find now. You'll
>> understand why shortly, if you consider my short-term memory
>> problems <g>. I think I can restate it a lot better now, too. Any
>> and all assistance/advice much appreciated.
>>
>> XP Pro, completely updated SP2/hotfix, two 80Gig internal, not RAID
>> et al, one ext 160Gig external, no SCSI.
>>
>> Short Story:
>> 1. Accidentally encrypted data on external ACOM USB 160 Gig drive.
>> Included my Full/Incremental backup done recently. It was a
>> mis-click and I stopped it, but it had already finished. Folders
>> also were encrypted. Then of course, I "forgot" it happened: until
>> I needed the files, of course. They are WINZIP files, encrypted, I'm
>> fairly sure, by XP EFS, but could not swear that winzip didn't do
>> it. It -looks- like EFS did the encryption.
>> 2. Later, trying to track down files disappearing for no reason,
>> eventually C became trashed.
>> 3. OK, got our my ASR floppy, booted on it, all went fine until it
>> wouldn't accept my backup CDs as valid files. They were created
>> with the system Backup function. I don't remember doing a Verify
>> operation.
>> 4. Upon boot, got an error message; bad hardware. Didn't believe
>> it.
>> 5. Reformat/reinstall XP.
>> 5a XP CD would NOT let me delete the partition on C, nor would it
>> let me install to C. It was so adamant, and yes, I've used it
>> before and think all I had to do was delete the partition first, to
>> put XP on C., that I finally acquesced and said OK, put it on D.
>> No problems, boots fine from D for the boot disk. I'll worry
>> about drive letter assignments later; right now I've only got a
>> minimal install anyway - nothing but XP, Norton, Firewall; no
>> antispy stuff yet.
>>
>> SYNOPSIS:
>> -- I ass-u-me when I formatted, I got new keys and certificates,
>> right? And that's why I can't access the files on my external USB
>> drive?
>>
>> -- I DID manage to decrypt the Folders, so future files won't be
>> encrypted; that's why I think it's EFS produced encryption and not
>> Winzip's. But, I can't find a way to get at any of the Files that
>> are encrypted.
>>
>> -- OK, I"ve managed to recover from lost passowords, all kinds of
>> things, so there must be a way to decrypt those Files, either to the
>> same drive or to another drive. Folders are UNencrpted now, but I
>> can only copy them around their own drive, not to another drive
>> where they might expand. None are R, H, or S. But danged if I
>> can find it! I"ve seen a couple of similarities on these groups,
>> but none with a solution that worked for me; either they weren't
>> applicable or the thread ended with a terse microsoft reference,
>> most of which I'd already looked at and tried. I've been thru many
>> MSKB articles with no joy. I've tried Cipher also, to no avail. My
>> resources are about exhausted, so I'm looking for help here. So the
>> ultimate question is, in view of the above information:
>>
>> HOW can I load, decrypt or otherwise manipulate those encrypted
>> files in order to recover them? Although it doesn't appear an
>> advantage, I'd easily consider another format if it would open up
>> any avenues.
>>
>> I'm no guru, but you can talk about how to get to and use most of
>> the Admin Tools, etc., so you don't have to completely hold my hand,
>> but ... this is new territory for me, so please keep that in mind.
>>
>> I also have Partition Magic 8, though not loaded yet, if that
>> means anything to anyone.
>>
>> Pop
>> ---
>> Microsoft's Security might not
>> be all that good, but, so far,
>> it's PERFECT with those files!

If you don't have a full system backup that can be restored or haven't
exported the encryption key, you are pretty much hosed and can consider the
data lost.

--
Ron Bogart {} ô¿ô¬
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
Lovin life on Mercer Island 8^)
"Life is what happens while we are making other plans."
In memory of a true friend, MVP Alex Nichol (1935-2005)
Anonymous
a b 8 Security
April 24, 2005 12:56:20 PM

Archived from groups: microsoft.public.security,microsoft.public.windowsxp.security_admin,microsoft.public.security.crypto,microsoft.public.security.homeusers (More info?)

"fatemeh" <fatemeh@discussions.microsoft.com> wrote in message
news:2496D760-BB77-45B8-A08C-E527CF60B96A@microsoft.com
> Can you help me?
> I have encrypted file in Windows 2000. I had to reinstall My Windows.
> Reformatted the drive NTFS and I install Windows XP Pro. Now I cannot
> access
> these files (encrypted file) in My Drive, which are stored in a separate
> partition. How can I open Files Encrypted in My system.
> Best Regards
> Fatemeh Rezaei

You should never encrypt a file unless you'd rather lose the contents than
have someone else read them. You lost.

--
Frank Saunders, MS-MVP, IE/OE
Please respond in Newsgroup only. Do not send email
http://www.fjsmjs.com
Protect your PC
http://www.microsoft.com./athome/security/protect/defau...
http://defendingyourmachine.blogspot.com/
Anonymous
a b 8 Security
April 24, 2005 12:56:21 PM

Archived from groups: microsoft.public.security,microsoft.public.windowsxp.security_admin,microsoft.public.security.crypto,microsoft.public.security.homeusers (More info?)

In news:uO8rxWNSFHA.1172@TK2MSFTNGP12.phx.gbl,
Frank Saunders, MS-MVP IE/OE <franksaunders@mvps.org> did some thinking and
came up with these words:
> "fatemeh" <fatemeh@discussions.microsoft.com> wrote in message
> news:2496D760-BB77-45B8-A08C-E527CF60B96A@microsoft.com
>> Can you help me?
>> I have encrypted file in Windows 2000. I had to reinstall My Windows.
>> Reformatted the drive NTFS and I install Windows XP Pro. Now I
>> cannot access
>> these files (encrypted file) in My Drive, which are stored in a
>> separate partition. How can I open Files Encrypted in My system.
>> Best Regards
>> Fatemeh Rezaei
>
> You should never encrypt a file unless you'd rather lose the contents
> than have someone else read them. You lost.

Very good description of the hazards of encryption! :-)

--
Ron Bogart {} ô¿ô¬
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
Lovin life on Mercer Island 8^)
"Life is what happens while we are making other plans."
In memory of a true friend, MVP Alex Nichol (1935-2005)
Anonymous
a b 8 Security
April 24, 2005 4:42:47 PM

Archived from groups: microsoft.public.security,microsoft.public.windowsxp.security_admin,microsoft.public.security.crypto,microsoft.public.security.homeusers (More info?)

Sorry, You are screwed.

The idea is changing the account in any way other than through the account
itself permanently destroys your ability to read the encrypted information.
Since a format is not through the account.....

--
- Mark Randall :) 
http://zetech.swehli.com

"fatemeh" <fatemeh@discussions.microsoft.com> wrote in message
news:2496D760-BB77-45B8-A08C-E527CF60B96A@microsoft.com...
>
> Can you help me?
> I have encrypted file in Windows 2000. I had to reinstall My Windows.
> Reformatted the drive NTFS and I install Windows XP Pro. Now I cannot
> access
> these files (encrypted file) in My Drive, which are stored in a separate
> partition. How can I open Files Encrypted in My system.
> Best Regards
> Fatemeh Rezaei
Anonymous
a b 8 Security
April 24, 2005 4:42:48 PM

Archived from groups: microsoft.public.security,microsoft.public.windowsxp.security_admin,microsoft.public.security.crypto,microsoft.public.security.homeusers (More info?)

There are some file recovery software, I could not tell you the name of any
one, which can get back some files depending on how the drive was formatted.
If you were to recover the profile and key you used to encrypt you might
stand a chance, . It is a long, complicated and expensive process.

"Mark Randall" <markyr@gmail.com> wrote in message
news:uriABLMSFHA.3156@TK2MSFTNGP15.phx.gbl...
> Sorry, You are screwed.
>
> The idea is changing the account in any way other than through the account
> itself permanently destroys your ability to read the encrypted
> information. Since a format is not through the account.....
>
> --
> - Mark Randall :) 
> http://zetech.swehli.com
>
> "fatemeh" <fatemeh@discussions.microsoft.com> wrote in message
> news:2496D760-BB77-45B8-A08C-E527CF60B96A@microsoft.com...
>>
>> Can you help me?
>> I have encrypted file in Windows 2000. I had to reinstall My Windows.
>> Reformatted the drive NTFS and I install Windows XP Pro. Now I cannot
>> access
>> these files (encrypted file) in My Drive, which are stored in a separate
>> partition. How can I open Files Encrypted in My system.
>> Best Regards
>> Fatemeh Rezaei
>
>
Anonymous
a b 8 Security
April 24, 2005 8:16:58 PM

Archived from groups: microsoft.public.security,microsoft.public.windowsxp.security_admin,microsoft.public.security.crypto,microsoft.public.security.homeusers (More info?)

Uh...

Encrypt all you want, preferably any folders with info such as passwords,
confidential documents etc in, just make sure you have the keys to decrypt
it.

- Mark R

"Frank Saunders, MS-MVP IE/OE" <franksaunders@mvps.org> wrote in message
news:uO8rxWNSFHA.1172@TK2MSFTNGP12.phx.gbl...
> "fatemeh" <fatemeh@discussions.microsoft.com> wrote in message
> news:2496D760-BB77-45B8-A08C-E527CF60B96A@microsoft.com
>> Can you help me?
>> I have encrypted file in Windows 2000. I had to reinstall My Windows.
>> Reformatted the drive NTFS and I install Windows XP Pro. Now I cannot
>> access
>> these files (encrypted file) in My Drive, which are stored in a separate
>> partition. How can I open Files Encrypted in My system.
>> Best Regards
>> Fatemeh Rezaei
>
> You should never encrypt a file unless you'd rather lose the contents than
> have someone else read them. You lost.
>
> --
> Frank Saunders, MS-MVP, IE/OE
> Please respond in Newsgroup only. Do not send email
> http://www.fjsmjs.com
> Protect your PC
> http://www.microsoft.com./athome/security/protect/defau...
> http://defendingyourmachine.blogspot.com/
>
>
!